From owner-freebsd-security@FreeBSD.ORG Sun Oct 20 04:04:16 2013
Date: Sun, 20 Oct 2013 06:04:10 +0200
From: Zoran Kolic
To: freebsd-security@freebsd.org
Subject: .rnd file after starting X
Message-ID: <20131020040409.GA11465@faust.sbb.rs>

After updating to 9.2 release and upgrading ports,
I had to compile nvidia driver 319.32. Finally, have
graphics up. One file shows out of the blue, whenever
I run startx, spite I remove it regularly. The
size is 1024. Man for rand mentions it. I cannot see
what openssl has to do with X at the moment. Amd64.
I might send the file if someone wants to take a closer
look at it.

Best regards

Zoran

From owner-freebsd-security@FreeBSD.ORG Sun Oct 20 05:44:07 2013
Date: Sun, 20 Oct 2013 01:43:35 -0400
From: Eitan Adler
To: Zoran Kolic
Cc: "freebsd-security@freebsd.org"
Subject: Re: .rnd file after starting X
In-Reply-To: <20131020040409.GA11465@faust.sbb.rs>
References: <20131020040409.GA11465@faust.sbb.rs>

On Sun, Oct 20, 2013 at 12:04 AM, Zoran Kolic wrote:
> After updating to 9.2 release and upgrading ports,
> I had to compile nvidia driver 319.32. Finally, have
> graphics up. One file shows out of the blue, whenever
> I run startx, spite I remove it regularly. The
> size is 1024. Man for rand mentions it. I cannot see
> what openssl has to do with X at the moment. Amd64.
> I might send the file if someone wants to take a closer
> look at it.
> Best regards

startx calls openssl rand when creating its cookie file:

mcookie=`/usr/bin/openssl rand -hex 16`

It is safe to leave this file alone.

From owner-freebsd-security@FreeBSD.ORG Mon Oct 21 20:45:51 2013
Date: Mon, 21 Oct 2013 16:45:50 -0400
From: grarpamp
To: cryptography@randombit.net
Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org
Subject: FreeBSD crypto and security meta

> https://lists.freebsd.org/pipermail/freebsd-security/2013-October/007226.html

http://www.freebsd.org/news/status/report-2013-07-2013-09.html#AES-NI-Improvements-for-GELI
http://www.freebsd.org/news/status/report-2013-07-2013-09.html#Reworking-random(4)

From owner-freebsd-security@FreeBSD.ORG Wed Oct 23 11:54:12 2013
Date: Wed, 23 Oct 2013 13:54:08 +0200
From: Andrei
To: freebsd-security@freebsd.org
Subject: OpenPAM/SSHD privacy hole (FreeBSD 9.2+ affected)
Message-ID: <20131023135408.38752099@azsupport.com>

Hello,

I found that in the new FreeBSD 9.2 (probably in 10 also) updated OpenPAM sources.
The big embarrassment was in pam_get_authtok.c. The problem is that even without a
valid SSH login it's possible to know the server's hostname.

az@az:/home/az % ssh 1.2.3.4
Password for az@real.hostname.com:

Changes made by "des": http://www.openpam.org/changeset/510/openpam/trunk/lib

I really do not think that this behavior must be present! I ask the community to
pay attention to it and remove these harmful changes.

Kind regards,
Andrei.

From owner-freebsd-security@FreeBSD.ORG Wed Oct 23 12:06:36 2013
Date: Wed, 23 Oct 2013 14:06:26 +0200
From: Carlo Strub
To: az@azsupport.com
Cc: freebsd-security@freebsd.org, des@freebsd.org
Subject: Re: OpenPAM/SSHD privacy hole (FreeBSD 9.2+ affected)
Message-ID: <1382529986.729788.498652166.90148.2@c-st.net>
In-Reply-To: <20131023135408.38752099@azsupport.com>
References: <20131023135408.38752099@azsupport.com>

23/10/2013 13:56 - Andrei wrote:

> Hello,
>
> I found that in the new FreeBSD 9.2 (probably in 10 also) updated OpenPAM sources.
> The big embarrassment was in pam_get_authtok.c. The problem is that even without a
> valid SSH login it's possible to know the server's hostname.
>
> az@az:/home/az % ssh 1.2.3.4
> Password for az@real.hostname.com:
>
> Changes made by "des": http://www.openpam.org/changeset/510/openpam/trunk/lib
>
> I really do not think that this behavior must be present! I ask the community to
> pay attention to it and remove these harmful changes.
>
> Kind regards,
> Andrei.

I agree. That looks like an unnecessary privacy violation to me.
What do you think des@?

From owner-freebsd-security@FreeBSD.ORG Wed Oct 23 12:38:54 2013
Date: Wed, 23 Oct 2013 14:38:50 +0200
From: Andrei
To: freebsd-security@freebsd.org
Subject: Re: OpenPAM/SSHD privacy hole (FreeBSD 9.2+ affected)
Message-ID: <20131023143850.4e14f55d@azsupport.com>
In-Reply-To: <20131023120013.GK18943@albert.catwhisker.org>
References: <20131023135408.38752099@azsupport.com> <20131023120013.GK18943@albert.catwhisker.org>

On Wed, 23 Oct 2013 05:00:13 -0700
David Wolfskill wrote:

> Does that also apply if /etc/ssh/sshd_config has been changed to read:
>
> # Change to no to disable PAM authentication
> ChallengeResponseAuthentication no
>
> (as I routinely do)?
>
> Peace,
> david

In this case you lose "keyboard-interactive" login option. But we need it.

Kind regards,
Andrei.
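
Added example, not part of the thread and not FreeBSD or OpenPAM code: a POSIX shell check for the sshd_config setting quoted in the last message, reporting whether sshd still offers PAM-driven keyboard-interactive authentication, the path by which a PAM prompt such as "Password for user@host:" reaches a client before login. The UsePAM keyword and the default of "yes" for both settings are assumptions about the stock FreeBSD configuration; the sample configs are constructed.

```shell
#!/bin/sh
# Print the effective global value of keyword $2 in config file $1,
# falling back to default $3 (assumed stock default) when it is not set.
# sshd keeps the first occurrence of a keyword and matches keywords
# case-insensitively. Parsing stops at the first Match block, which
# holds conditional overrides rather than global settings.
# Only the "Keyword value" form is handled, not "Keyword=value".
sshd_global() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # comments and blank lines
        tolower($1) == "match" { exit }       # end of the global section
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Return 0 when keyboard-interactive authentication through PAM is enabled,
# i.e. an unauthenticated client can be shown the PAM-generated prompt.
pam_prompt_exposed() {
    cra=$(sshd_global "$1" ChallengeResponseAuthentication yes)
    pam=$(sshd_global "$1" UsePAM yes)
    [ "$cra" = yes ] && [ "$pam" = yes ]
}

audit() {
    if pam_prompt_exposed "$1"; then
        echo "$1: PAM keyboard-interactive prompt reachable before login"
    else
        echo "$1: PAM prompt not offered (keyboard-interactive login unavailable)"
    fi
}

# Constructed sample configs, not taken from any real host.
tmp=$(mktemp -d)
printf '%s\n' '#ChallengeResponseAuthentication yes' '#UsePAM yes' \
    > "$tmp/sshd_config.default"
printf '%s\n' '# Change to no to disable PAM authentication' \
    'ChallengeResponseAuthentication no' > "$tmp/sshd_config.changed"
audit "$tmp/sshd_config.default"
audit "$tmp/sshd_config.changed"
rm -rf "$tmp"
```

The second verdict carries the trade-off raised in the reply: the prompt is no longer offered, and keyboard-interactive login goes with it.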